ee583f28e1affb62bcba663bc4a4c31be9ae2e40e8826717b9313c68862edbda

Analysis

max time kernel
150s
max time network
47s
platform
windows7_x64
resource
win7-20220812-en
resource tags

arch:x64arch:x86image:win7-20220812-enlocale:en-usos:windows7-x64system
submitted
09/02/2023, 04:31

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

ee583f28e1affb62bcba663bc4a4c31be9ae2e40e8826717b9313c68862edbda.exe
Size

17.6MB
MD5

1811e4410b8ab98879e7700e60ea5ad7
SHA1

651f2ce85d2a2848e2a9bd6231ad48c0954daec1
SHA256

ee583f28e1affb62bcba663bc4a4c31be9ae2e40e8826717b9313c68862edbda
SHA512

2879a640d0542f5aef68b75356eb27db6d4ce18eb949dad6723e7762373aff247a852e4c0e70ae7656d5043851d9568c69d19dfd26e60f79cd611d8c36026ee2
SSDEEP

393216:vW5O9PIflERtNfCl6e+J9PJHb+DrZLg2lc+tpnMlVeOu8aRMC:+CEeFfClEJ9PJaDrZLg2lc+tpnMlV4lH

Score

7^/10

bootkit persistence

Malware Config

Signatures

Executes dropped EXE 2 IoCs

pid	Process
1500	Setup.exe
1908	LangSet.exe

Loads dropped DLL 25 IoCs

pid	Process
1656	ee583f28e1affb62bcba663bc4a4c31be9ae2e40e8826717b9313c68862edbda.exe
1500	Setup.exe
1500	Setup.exe
1500	Setup.exe
1500	Setup.exe
1500	Setup.exe
1500	Setup.exe
1500	Setup.exe
1500	Setup.exe
1500	Setup.exe
1500	Setup.exe
1908	LangSet.exe
1908	LangSet.exe
1908	LangSet.exe
1908	LangSet.exe
1908	LangSet.exe
1908	LangSet.exe
1908	LangSet.exe
1908	LangSet.exe
1908	LangSet.exe
1908	LangSet.exe
1908	LangSet.exe
1500	Setup.exe
1500	Setup.exe
1500	Setup.exe

Writes to the Master Boot Record (MBR) 1 TTPs 1 IoCs

Bootkits write to the MBR to gain persistence at a level below the operating system.

bootkit persistence

Bootkit

T1067

description	ioc	Process
File opened for modification	\??\PhysicalDrive0	Setup.exe

Drops file in Program Files directory 1 IoCs

description	ioc	Process
File opened for modification	C:\Program Files (x86)\RsTest.ini	Setup.exe

Drops file in Windows directory 1 IoCs

description	ioc	Process
File opened for modification	C:\Windows\Rav.ini	Setup.exe

Modifies registry class 2 IoCs

description	ioc	Process
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{CAA2D3B1-4BB5-4a45-A17A-122773379D99}	Setup.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{CAA2D3B1-4BB5-4a45-A17A-122773379D99}\ProcID = "{93F4F604-574C-1B29-3030-30313306D200}"	Setup.exe

Suspicious use of SetWindowsHookEx 1 IoCs

pid	Process
1908	LangSet.exe

Suspicious use of WriteProcessMemory 11 IoCs

description	pid	Process	procid_target
PID 1656 wrote to memory of 1500	1656	ee583f28e1affb62bcba663bc4a4c31be9ae2e40e8826717b9313c68862edbda.exe	28
PID 1656 wrote to memory of 1500	1656	ee583f28e1affb62bcba663bc4a4c31be9ae2e40e8826717b9313c68862edbda.exe	28
PID 1656 wrote to memory of 1500	1656	ee583f28e1affb62bcba663bc4a4c31be9ae2e40e8826717b9313c68862edbda.exe	28
PID 1656 wrote to memory of 1500	1656	ee583f28e1affb62bcba663bc4a4c31be9ae2e40e8826717b9313c68862edbda.exe	28
PID 1656 wrote to memory of 1500	1656	ee583f28e1affb62bcba663bc4a4c31be9ae2e40e8826717b9313c68862edbda.exe	28
PID 1656 wrote to memory of 1500	1656	ee583f28e1affb62bcba663bc4a4c31be9ae2e40e8826717b9313c68862edbda.exe	28
PID 1656 wrote to memory of 1500	1656	ee583f28e1affb62bcba663bc4a4c31be9ae2e40e8826717b9313c68862edbda.exe	28
PID 1500 wrote to memory of 1908	1500	Setup.exe	29
PID 1500 wrote to memory of 1908	1500	Setup.exe	29
PID 1500 wrote to memory of 1908	1500	Setup.exe	29
PID 1500 wrote to memory of 1908	1500	Setup.exe	29

C:\Users\Admin\AppData\Local\Temp\ee583f28e1affb62bcba663bc4a4c31be9ae2e40e8826717b9313c68862edbda.exe
"C:\Users\Admin\AppData\Local\Temp\ee583f28e1affb62bcba663bc4a4c31be9ae2e40e8826717b9313c68862edbda.exe"
1⤵
- Loads dropped DLL
- Suspicious use of WriteProcessMemory
PID:1656
- C:\Users\Admin\AppData\Local\Temp\RavTmp\Setup.exe
  C:\Users\Admin\AppData\Local\Temp\RavTmp\Setup.exe
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Writes to the Master Boot Record (MBR)
  - Drops file in Program Files directory
  - Drops file in Windows directory
  - Modifies registry class
  - Suspicious use of WriteProcessMemory
  PID:1500
- - C:\Users\Admin\AppData\Local\Temp\RavTmp\LangSet.exe
    C:\Users\Admin\AppData\Local\Temp\RavTmp\LangSet.exe /install
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    PID:1908

Network

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Bootkit

T1067

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\RavTmp\CfgDll.dll

Filesize
270KB

MD5
0c0a56d49fa8d9ee193f9eaa7b3125b1

SHA1
ab3d49b56247f81a46fc736cb68df478a32e768f

SHA256
3b886ade9e59080ce02bb7bda1ad00b3f9254f52cee3c5e8558abf8adf1a9300

SHA512
8daf373a325fc433196365918f5c85581bf29974f694a367224d1067e15c9fa8faaa747618e1a3e356f7b6b7428be7e80870b00684351547821c8f838b14a0c2

Download Submit
C:\Users\Admin\AppData\Local\Temp\RavTmp\CompsVer.inf

Filesize
3KB

MD5
8303b15e83b990322e4eb9ec4b146dc1

SHA1
a2755e772324fa2c0c390cd65dcdb3cecfb101cf

SHA256
08757c90af66e4b2adf2e0ed915459f63dea6ea7a1e44db0ded04cc232d36a17

SHA512
df0380a635e60286b34f9cd49a69e62e18a10b54dba22bb73e5632b174137b52fbba21f4d6344f36e745ea72305b44e25a0016777802a8b1a31af801a50bc8ff

Download Submit
C:\Users\Admin\AppData\Local\Temp\RavTmp\LANGUAGE\CHS.lag

Filesize
45KB

MD5
227634cd08425aebde04c70fc6bdd1d4

SHA1
b37f6c2047b4605751ae78135f47eb4c3d07323b

SHA256
3156b83d74bffdc838cee4090ebbce405329a6c2797700fea2911e4d706363bd

SHA512
9a0224b1e1a9d9e3037b69cd4a8da14a726007b954aea4af56b2649c83f04a652f9c28385684995c7523190d5baeeea6b92c9cb96bef73719b55629f86cbb8b5

Download Submit
C:\Users\Admin\AppData\Local\Temp\RavTmp\LANGUAGE\Eng.la6

Filesize
84KB

MD5
67cb305eded33bc3aa9bc1af1042c7c7

SHA1
39fb6e8734bb5035c391ea144120600ad8598060

SHA256
8083eb5bfb096df972b3773101d05743e341702ab978cb7328f54bf7b9759d6b

SHA512
5677a16f8492ce1b55b84017d53d457e3b15cb243ebca8b96428ce0820578201f42199f1727943fb87f45e24f4b73bb850185e2c47f2b0ba2d8423bb82681d45

Download Submit
C:\Users\Admin\AppData\Local\Temp\RavTmp\LANGUAGE\Eng.lac

Filesize
2KB

MD5
86496c10a2ab303e4da7971436d8db44

SHA1
ba12d12a98d5350cd13ac74e4f0318c314ff5772

SHA256
3ddf6c772c2db5a964a4839c4b790e23a83a1416f9b55e1126e1d97908868e9a

SHA512
4aabd3f0bcedfa56bbff77afccd4cb0c49c5480ae1513ab37e26af86db344f8ca24f629f19a73f7549e2b4fb4194bec087799268164cebeabd8d75cfcc83445c

Download Submit
C:\Users\Admin\AppData\Local\Temp\RavTmp\LANGUAGE\Eng.lag

Filesize
80KB

MD5
4422e681e8a7aff3221a3de5308aa06a

SHA1
5452f824925aee66fbeccb6b1c53a9041f764465

SHA256
22bc704ad0d2a491217779ec7b091fcbb7e46b4264c714fcd50faf3b01deadd4

SHA512
101ae8559a1feee692c628daf31df3fe67ad47b7eabab21a79770fb1c514ad374e77b457e7d4247c035babdc9c6f2d875229cb029da71109e9b98ec356822fe2

Download Submit
C:\Users\Admin\AppData\Local\Temp\RavTmp\LANGUAGE\cht.lag

Filesize
44KB

MD5
8cfe677149ca94321c1f44aea66e4316

SHA1
e679947be93bfdacd4cc9a61247c22797553710e

SHA256
2ee0903a1f690c942c27f2de098712f74af6f2799735e3c695e5d399e25ca221

SHA512
f9dd4ae83591f4e02ac52f8b72b762df235bca0c8f27158b48b9a47e10889b87f0bf592b88f46fbcce03399430ff2e14ccac05f6514fa9a866ebdf57307e6ad9

Download Submit
C:\Users\Admin\AppData\Local\Temp\RavTmp\ProcComm.dll

Filesize
98KB

MD5
ae4a3a533f165b055ec088a692fc4e9a

SHA1
7feea8ec8cb330c6ad6b5c20c40e398204e56ea6

SHA256
ac6d3f656c6e83734d4d034cbff7f82a2b99f5f1a30308fdde4235cd711f225f

SHA512
9d71d57d43a16259b381eb457919faca17d6830df2bce6387c09cb1816f0cf79bc803174819f39f3201f18f1fc3e148da9c39aa1e24c91fd139b9317023abf60

Download Submit
C:\Users\Admin\AppData\Local\Temp\RavTmp\RSAPPMGR.DLL

Filesize
62KB

MD5
9993cae186bc04c4103c9c4663dd620e

SHA1
8e3ab301d985df13fc0e7ff7ee2351282f5a34ac

SHA256
851d78ba13d51d4f2e849186268176ef57e815005922f0967ef86a58ecf6a60f

SHA512
2913b6f78d2c67b5102aae1e7995aaf542f8e64184bc829483a48961da0145b530cf91cd187c319686e22311cdaf3f2e80fd0f60d6a914e0de3a3810d55ce343

Download Submit
C:\Users\Admin\AppData\Local\Temp\RavTmp\RsLang.dll

Filesize
134KB

MD5
697393919436836ac17dace077e2e14d

SHA1
1198f2a673c9c3f54d7675f052ec4a038334bf5c

SHA256
51ee6848be6cd159a678454cdb92fb78655283fe199387d65edf83a9ef44e4ae

SHA512
8f5dc796bc86789536d4a9ffdd4bd65e82f9c3841f41e8e43d6ca81f77bbc476bdc74381698c46e19cf103b40e5c36b771a52564c41cc5f8c6a0799afb7bfa16

Download Submit
C:\Users\Admin\AppData\Local\Temp\RavTmp\Setup.dll

Filesize
154KB

MD5
934bb5b8dd88ab51395717f82c4c9d92

SHA1
b78df9cf454f0c547cf3a785b1e473633d25368d

SHA256
887dbe5d43f4d3563374b5d5771efba0115d8165ff896cd5ce863de52a183323

SHA512
8637715850f56d2044b390096ea199ce8614f68bd49f466afbbb295b280c1c934b19b1dbfbba54003921fe60dc3715223d316b823254d8485b98b34cc266426c

Download Submit
C:\Users\Admin\AppData\Local\Temp\RavTmp\Setup.exe

Filesize
746KB

MD5
bfc80e3df6d05a4eac52113913db0f9d

SHA1
8cdf618144364f4efdfe628dc5de4242f0de83cb

SHA256
69f8da776418b1ce99e0331d45c6975fd956f9482ea4f99bd76392465ea65aff

SHA512
1e2e870d83339e85cfeeee85ea921b8fe92bab968b7a4d15f9c7b16556e23559eb08c7da14a8be8d5dc5bab3150dc0fb11778380fdc1aa9b3df8111f0fb897fe

Download Submit
C:\Users\Admin\AppData\Local\Temp\RavTmp\Setup.exe

Filesize
746KB

MD5
bfc80e3df6d05a4eac52113913db0f9d

SHA1
8cdf618144364f4efdfe628dc5de4242f0de83cb

SHA256
69f8da776418b1ce99e0331d45c6975fd956f9482ea4f99bd76392465ea65aff

SHA512
1e2e870d83339e85cfeeee85ea921b8fe92bab968b7a4d15f9c7b16556e23559eb08c7da14a8be8d5dc5bab3150dc0fb11778380fdc1aa9b3df8111f0fb897fe

Download Submit
C:\Users\Admin\AppData\Local\Temp\RavTmp\XMLS\FWBAS2K.xml

Filesize
584B

MD5
35560a2fc7c715facccd9b78faaf5c74

SHA1
df34c511f4994210fb4d036935c2bf47d81b68a0

SHA256
0060e88ea16a05339aa72635c524f8d287f7d8baa55a9cf1c0f5325b4681bb75

SHA512
fc3e211bca5186eb3ea3476b025634f544ea6faa2424b6c2a80fe208208238eb5ede9132fd7ef3d39f65eb09667408430fbd9b8c0b06428c0eab360fa48f031a

Download Submit
C:\Users\Admin\AppData\Local\Temp\RavTmp\XMLS\FWBAS2K6.xml

Filesize
617B

MD5
19dfccd68e54596330b029ae67b6606e

SHA1
1f34f375f56860530dab7645a3074aa3f85fa22e

SHA256
a2c18115aaa0dbfe3d3cfa7b571046a56632a3c8cd0f2874b2cfcb4553049416

SHA512
270f883ac963102d7fe35a7a25fc01850655d2174a84924c51c48fec15f2f440f937ec8f3fb03b1885df47e1086b56b566edee22fd046a2c4b9c1424707b2765

Download Submit
C:\Users\Admin\AppData\Local\Temp\RavTmp\XMLS\FWBASENT.xml

Filesize
497B

MD5
259319e4a0b8d4844a025f764049cafc

SHA1
0a2ee3057c0562fd187d6368748e8c3c1a39c499

SHA256
c18dfa0b05ac476c45f926cb75621a24aff1ceed8d2cd26c26f648028c8f19da

SHA512
31e234b41bab7527b08e9dae6b6778a67351c82c1be48b18a630517fc98d362db3073a1f1e4793e4433ff33cd71f692172f2986ad016034b09f96ec18a9202de

Download Submit
C:\Users\Admin\AppData\Local\Temp\RavTmp\XMLS\FWBASVT.xml

Filesize
758B

MD5
d5bfab25c2b3f220e09e2292cb7ab262

SHA1
575575344113be18e18a2076abb3a6c67e8ae7b1

SHA256
8f789988e38977113a55c71c283afe4d2e9834350bcc3426baf8faa5ba05aa70

SHA512
1f358414fb3252d709d2199492a87186a731a8f54faf384d157e9addb1ad06175f7fa670122bea37898b41f6003a0cf8f0c9cec4695bf7c9fe543fe7c17961a8

Download Submit
C:\Users\Admin\AppData\Local\Temp\RavTmp\XMLS\FWBASVT6.xml

Filesize
767B

MD5
59a5fe5cd82d4f44cd4d0d9540c2c41c

SHA1
f78caaa77054f5c00ca7977f718522f6d48fb11e

SHA256
4f73ccbe4f5059e7cf38744f6e8b2f16ed63066afac5152df95ee7b39a34edd2

SHA512
551420f9d74c655fa95954fb1cb205be630cc855c4724a56d73fd80afa0b0a20a37f1b7810186fcd446dd1ac4cdcbb54b5cfc01fe57d94a185ce3f961d843635

Download Submit
C:\Users\Admin\AppData\Local\Temp\RavTmp\XMLS\FWDATA.xml

Filesize
1KB

MD5
c0d256d162604e82292dfd6134362ea8

SHA1
600ba13ee5630777275925268dae3ee6c99a6a83

SHA256
278c6939fdb0d641193128dfbc3b37ef32610b74a2bdcfd4e09f2a2348a86335

SHA512
ffd4608340b8b53ae1dc46b41abe412367401a010855630f52333a0391165bf151aa40429acb6dd8399b617c39d86c5b0c132699a0df6e09dbef091c8136e200

Download Submit
C:\Users\Admin\AppData\Local\Temp\RavTmp\XMLS\FWDERULE.xml

Filesize
660B

MD5
5fe37a3886b140cd16c87afe28447e28

SHA1
391976b353f7e31a30a09621275d3e86dcaa4d64

SHA256
23d633412dd3e16fe86f0c49f26069a5ae5c74b41aa266d149ae3b88513482ac

SHA512
e50d4cc17c429dd896f20cf7cc767f41ff263a275c73bf512afd3259c52a9f870f801e3fd5d9afe3cbae20acacfe6726bdf401e8dbc1ec1b50a1a1c03a8c958d

Download Submit
C:\Users\Admin\AppData\Local\Temp\RavTmp\XMLS\FWDRV9X.xml

Filesize
478B

MD5
0c8c63fdb236545fa4a071bc7ae8ed70

SHA1
57713f23d2cbac8c1a4173e5775aece95617e3b4

SHA256
44debcc586037b76debee7d5041d66ff4c87cc0593cbd987c39cefc2a0d00673

SHA512
1afbd5971ed6352630fc454aa7c5f0d92f47933d1703d77ede8bb7cc00ce270aef8c752761d843829665fb3636fe0e196114090fec18553c19e3f96595df753a

Download Submit
C:\Users\Admin\AppData\Local\Temp\RavTmp\XMLS\FWHkHlp.xml

Filesize
469B

MD5
ac7798bdc8600b768d65923a40002225

SHA1
e41908f8dd7b151f2c997b76b464c958d7414938

SHA256
553b5021ec0f4f02d9558e864b8c65e99a067ce9cb5567309bd68e7bf60239c2

SHA512
75fa1ec7dca02f11e73638e62a634eed75457207e506fc903e8f4ffdb85ebb24982c85234bbb6426827de90a16bcc07d1ae5b363915c09af39287627660dabe0

Download Submit
C:\Users\Admin\AppData\Local\Temp\RavTmp\XMLS\FWHkHlp6.xml

Filesize
487B

MD5
acb4c02bea2b46cbc9b551074d2d39b6

SHA1
b37e52773529c5f55a56e1302a7d4fb46d7af642

SHA256
bd5c0952479d524a4af3e6d4e2ed3a60cbfef055d950ddbd6618268782709bc0

SHA512
4396b2902c399afbbd0cb914a8ce70af46288155307bf6dbe99095ba1679ac214df28f1ea2b9eef531119e1edfb5a3402620fc7edbe547d081628dd271ff89d8

Download Submit
C:\Users\Admin\AppData\Local\Temp\RavTmp\XMLS\FWMAIN.xml

Filesize
602B

MD5
bd7f980f5736303b6c8588dc34eb7d7a

SHA1
18ab2ab883bbb5761dde1559a047b034633e0672

SHA256
c257a9aa8eb2efaf8b983033e7af87cb67ff05fddd2acdab9ed3d227b527b5e8

SHA512
5f23096c6980a93a7a8e5ca26c1a1f9819aa34c028045e55596ecbb7aab7113ed7075d040d80400dce1b46652eaa8a6e215cd88b3ca6f81cb76fd8b9526ab87c

Download Submit
C:\Users\Admin\AppData\Local\Temp\RavTmp\XMLS\FWMODRS.xml

Filesize
561B

MD5
4bc647314d25612da92fcfce4df49fae

SHA1
2343ac3ae3c7201b14a3aeafdf3ac43fe3f50117

SHA256
53082f1bbd041ace35a0da5c46ac063c33686007439deb9ab97146d29a5b3a55

SHA512
dd8d610c595e75446f85ef411ea36f7f6df4af4efe2f6b4e94f1e4604e0cfb92d232484e10545522ff5a113c5a47d450413ab7a8c2687c4120283b1806496b86

Download Submit
C:\Users\Admin\AppData\Local\Temp\RavTmp\XMLS\FWRSRULE.xml

Filesize
459B

MD5
abb1b930887573bbf4fc8b9ebfc1e5d2

SHA1
7fbb91168b0ecacd2d45ada15999991b110e9129

SHA256
bb3c3a456e1c6c483f4871695f95441c55408e3a67aab00741709c4153bb9837

SHA512
0276835f188faaa6380965aa45c21b5c873cb4868fc71d2397906208b1729251a4b52c17fb201ea58d78640755f6fcf90971c76afc0b3476f44ee5f8fb6eab59

Download Submit
C:\Users\Admin\AppData\Local\Temp\RavTmp\XMLS\FWSETUI.xml

Filesize
1KB

MD5
f8739e72e42a9535ddc67ec90675f885

SHA1
c8ce4696bcff23b78da3342e2f3fa9f5ea49780b

SHA256
4a6c9b7961446f2c3ffeebb9d7dd5159ff379d4dc2882bf059bca804a8ebdd59

SHA512
a397bbc5e185800ae1518cc4f50465575bbafd7111f3c3000aff7d3e8b1399e8393c8c967dcd4f9f0c734978182a9bc850b767cb86642bfd6bcf1b9c283b88c6

Download Submit
C:\Users\Admin\AppData\Local\Temp\RavTmp\XMLS\FWSRV.xml

Filesize
1KB

MD5
51f462834cd064dd8a3964ccc335d229

SHA1
1e098b0b4fec19d20eae3a951003635c70e0891f

SHA256
b284c7b5087a22997aa7648ff926dd6288ea2014286b9fca4d965ff79689e536

SHA512
10e503207abf2bda2446c4d12d5e3b5d7358ff549f4d2b4f9645db67cb51346e79675821d5c396b2768bd48c375c93f4547f777605507f313a53f8f06cba80ab

Download Submit
C:\Users\Admin\AppData\Local\Temp\RavTmp\XMLS\FWTDI.xml

Filesize
466B

MD5
f39f17705bd9f33c760a6c0f2fd09ed9

SHA1
87079ba3224ea80b30e58df2f62490fe6a51d68b

SHA256
942e181767386b6b8dbd1fafb065df0637dc7496ea6e8513fdd296eb0d4c7c4a

SHA512
5c33e8a94ab5c76c1195187048289cda820e91ca246f731090111597650ee6459eb943b9aca643a5c82cd4ea8ce1e4a4159bfac2dc5a3a88e889d7d540a026e6

Download Submit
C:\Users\Admin\AppData\Local\Temp\RavTmp\XMLS\FWTDI6.xml

Filesize
484B

MD5
12fea86857973c7840cff562dfb2f2ca

SHA1
68eeb388716ff669612c667979025990360cdcc4

SHA256
46cf8ab659e48157eedaa8bcbae85a656c850497da693cb0f1669c1b77c16330

SHA512
e3a71b43ea8de2d87491b442d26a51e12103df1abd8fd7fbf91420fe623f9db935f2f203aba6beb28b8fc171bdae55a2eea6783c6fc02b9c94ebe255ea7a1468

Download Submit
C:\Users\Admin\AppData\Local\Temp\RavTmp\XMLS\FwArp.xml

Filesize
582B

MD5
14cf1e26c9c5e9345e63998208920977

SHA1
0724472d6f1233edb5014759f559a6c464365731

SHA256
82e6c301340e589f1cf9758a3c6319c7ed503c4bdb534acee3556fabb7cd8fb4

SHA512
6343a19781813f4f085401e2e2c9f5e545fb4def0958c056b7e8b762ed206157ca49c8cac203fbd917be10bd6fdc69acf37e2455bbec2e52d8416109a3e88276

Download Submit
C:\Users\Admin\AppData\Local\Temp\RavTmp\XMLS\FwArp6.xml

Filesize
617B

MD5
b9e6bec47341235dd762b5f0d39c7a4d

SHA1
84c2fa8df8f0b589a0808c54abf5aaff93f6633b

SHA256
7fa2c3aae27a8a9d18cd4e4c0035f194dc68dfbb744416b08e0e978f6b07d274

SHA512
6cdffc75d25798586482066bac0078c4334103e430274ad5216159576ff37c16b3c135edffb53a9416336d5d59c7da9ebdff0319c6c95f4f22316232ca735a14

Download Submit
C:\Users\Admin\AppData\Local\Temp\RavTmp\XMLS\FwComDll.xml

Filesize
716B

MD5
5f877cfe3f4d649d890dbc8d6efe1397

SHA1
606b7fb5f9013ff41dc4d23e72f3044407c37f2e

SHA256
ca668330af493bee3b9cc03ce8e25ad7871e446fad8e8d88496d4a6487bae051

SHA512
361257d51576c4daaaff1881db357e1b8a19d7d02c65b25d566bfd465c22ce47d99864faeabdcd42b7376a14fd2bc4ffed4e665993aecb2c806a50801d85bd9e

Download Submit
C:\Users\Admin\AppData\Local\Temp\RavTmp\XMLS\FwDrvSet.xml

Filesize
1KB

MD5
a6253a458bbcb0c97db8a18e9761bb22

SHA1
ccae6c830c2ab37e60493b8de5fe79bca4155c84

SHA256
0e429844f02c6190f9ff25eb47363eaf53c96de1502ad905c9ed50373b56d579

SHA512
3940345c56d0f077874041456167671d74dbcd07bf99543275374492eb6c1255d566732be074047cb2ae566d0456fed3d4aeb6425b39441e24178fde28062c98

Download Submit
C:\Users\Admin\AppData\Local\Temp\RavTmp\XMLS\FwMdDrv.xml

Filesize
742B

MD5
a08c97b32af86e7ebb144afc70c112f3

SHA1
8abc8f94182e49a29722817706eb3eecdac3adaa

SHA256
eec2ff0536bc729394d553b3f5d8e2b2c3e747ef118eac0d178ca293dd5e8c6d

SHA512
11345078650c5576e9667cb1b17bc09804aeeefc5eca866e695f7523fd70eb97169696896e1835422089798ea35db5e25fe5f9d85c22fec94ecb855fe073d74a

Download Submit
C:\Users\Admin\AppData\Local\Temp\RavTmp\XMLS\FwSetupC.xml

Filesize
659B

MD5
8e5c80f81f42fd95ab49e6d5903a09fb

SHA1
0b6e6d8dfd4f2ca48ba36b1550e868032f5e5899

SHA256
30e31dde23d66b18fc782dd97a2bba1d90a78ae3b6f55a55bc35dcaeadff7413

SHA512
6d92ee35f2f7d8fabe4767503ef9f27cc3515598d170da9c444c5ad3386eec279188403bf45a98c91ac984fc382959eefbeea630a3dff8b806fc470807b55084

Download Submit
C:\Users\Admin\AppData\Local\Temp\RavTmp\XMLS\FwTray.xml

Filesize
427B

MD5
90ac18bdac1ad6821756fed848895719

SHA1
a3be5aafa3cf190d65ef084ea3a4f8e98ab08841

SHA256
86c06411bab83e47cb21d15270a610f0822b7c7afada9f9e0199229bb18b380b

SHA512
5f6b535f8f8cf1a0080b1a46e9aeff0f1a6dc9b64d79764abc2c6a034fedb4e3299bc625d7e7b783f07890690a8dcb6df7b54d9c8285decb5e805969b22d0df2

Download Submit
C:\Users\Admin\AppData\Local\Temp\RavTmp\XMLS\FwVLog.xml

Filesize
590B

MD5
041545ba53c8df2ab3819f9a2d657d2e

SHA1
15153dfea809aa03c48659e03290a86c1cf3fb31

SHA256
d4b7f491cd072d2363228fc3d96e10e3b404ee35631389345edcc9bf8d9936f3

SHA512
3f2e1b07dd87d19bb3b002cdca1b41af90a9cf80b2537daaeb406df0b5fb54c66b1bde2b7717d7600ccf3102c43e210b0c3f5d0d42672b90439d39fff02786e9

Download Submit
C:\Users\Admin\AppData\Local\Temp\RavTmp\XMLS\LogoRfw.xml

Filesize
1KB

MD5
d08d4c6816ee7e57e2143651fcfe13f0

SHA1
1a2bd7d0f2a3440fa49af16f9c0c534844ce0405

SHA256
f73947bac507cd5c4d6122cfec6130d9899916eebe7dbfcc896fcf7f953d6f23

SHA512
e0f1c0da7c74016766eae62a7fffb10851bd65329e64a9be5ea35b20fad352aab901830e3ef1d4821b8870185a2f53d271479e2921ff907e7c709b4d7561fa5d

Download Submit
C:\Users\Admin\AppData\Local\Temp\RavTmp\XMLS\MCenterF.xml

Filesize
1KB

MD5
ff4d5b14dbfa49fd8cfb968edfffa5b3

SHA1
9ad3329d4339171966555117d366e64b8bd41dbe

SHA256
ae9de91cbe40615734cfa3842fca3059e635f7379cbf8a00ca33f4ec11bb8ab2

SHA512
34427e67fb04470bc307d506e7bc751f525d0fdfcea8841763a080ad09e907872b8898f0503e76fd1924534720fefe85d73c52a0196a00cb8587eb78850d5a0b

Download Submit
C:\Users\Admin\AppData\Local\Temp\RavTmp\XMLS\RFWCfg.xml

Filesize
1KB

MD5
5a3e701b40d62066ae48afebfcd1fa13

SHA1
c5f02c555db3f40529a868c8f687b7848e8bed6d

SHA256
5810f9f0017be7310fcc51bd86c2eb64a746069b22342fbed28ddbfc501e1b01

SHA512
347f6d662dfa75b74d28c8dc3d75c8da35b8a17ddee262c4669368b056a6bf2b04905158b040bcd803bd72fa9c490e7ffc6d3783014126366032c256f15b8a03

Download Submit
C:\Users\Admin\AppData\Local\Temp\RavTmp\XMLS\RSGUI.xml

Filesize
550B

MD5
646dd28866a3113e416b13aff325e856

SHA1
1d8ade141864adff76d28945005f4b58c5428232

SHA256
13967dac43f8c369009faf4a73e394b16b9454f11e85d6041915ebb152f97d65

SHA512
f3d866fd93a5369b0e141510613c45bcc18213d1f200aae13934473a8e26f9e181fa8c8d591797acb064e229a2c5602ffebdd04175abf3966ea869a4ff1047d3

Download Submit
C:\Users\Admin\AppData\Local\Temp\RavTmp\XMLS\RSMFC.xml

Filesize
1KB

MD5
22cbbb8f0ca855c40dc338c9cbe60f85

SHA1
875c72feb9d0680d866e2ae2f14b5e8b67aa3cfb

SHA256
535a1466c8bd020cb449a77aea1ec6a8721253849cef153ed4290302b8cabef8

SHA512
767fec48cc71ae04bf1fe676aba1b19ae97412c1f7be828dc2049009a93b2aa5b42f0b6abaeab4e46e7f82f06ba6e1e522f3539d3608d1e0b4ca9cbfdecc7272

Download Submit
C:\Users\Admin\AppData\Local\Temp\RavTmp\XMLS\RavCopy.xml

Filesize
536B

MD5
b7f7b3034a5447f31ae86fa6a64d93f3

SHA1
9eea8a8cb2d0c3d87e6fb34bb999edc299d6da70

SHA256
b1d4252f04f65494207dcc0e584f2777231a67de986bdbf1599cdcc1504c983c

SHA512
31deee81d18b363042f4ca8b9018ed4cbf536ae12eb1df5ee70de98f631f419e1d721ecb7f99b8a5a006cbf9fb48735f401b8af802c4ffb1183b982d4babd6ee

Download Submit
C:\Users\Admin\AppData\Local\Temp\RavTmp\XMLS\RegGuide.xml

Filesize
1KB

MD5
fd3e589c92d60e0f2311c7ad795fd6a8

SHA1
ea52c2a56c3dac3b930bb8adc36dd91867feece7

SHA256
c90f5b78d8b5984ad2318d635961f47fe1c7908e0e41f9823e385d0cef33e375

SHA512
ba1a60bade51d527f8f337889b2a13744d79e85458b5b308fc354e2ce34e54d247b8a6f8d73bd50be0e85fe5a1464a086aa6b867592a1836521ff42c2410b91d

Download Submit
C:\Users\Admin\AppData\Local\Temp\RavTmp\XMLS\RsCommon.xml

Filesize
1KB

MD5
3faa51aec1b6484a228ba7aad17854d5

SHA1
867740fe408beb0f5548fb6862f2dde2654fd2a0

SHA256
1fb19139a2d8a6cf9b692fe34d78679e378521d513034ec7ba1046ad78a06116

SHA512
741b5dfabf43574e22560fb677bd4a85741edd349ee0022d4d04ad1fce0c985bab769795048e8c05bb6d6dfa642ce36d77cb1d3924f7ca2cb2decf0a3f5234f3

Download Submit
C:\Users\Admin\AppData\Local\Temp\RavTmp\XMLS\RsConfig.xml

Filesize
552B

MD5
7bc9f3e8937512d8d754ab41d83bab21

SHA1
6df998f413e5d6be7075a6635cc79a805bcdddb0

SHA256
21546702bbbace294c2524fdad31de488d8f530f10a3492baf0c0adb3f7e1cf9

SHA512
f3ef8614261af428579217914552a68014a83e3341e3e8167bafd0b6cbe589a29b2f9b75c49cfb7ad4c965404d5cfaea03cc513fecc843021c892d2d462a6951

Download Submit
C:\Users\Admin\AppData\Local\Temp\RavTmp\XMLS\RsMain.xml

Filesize
2KB

MD5
eda4fc04b7e9c7ffb8d92985ad99ce73

SHA1
a7037f43cf7e68efec20861ce126c956347c1f4e

SHA256
ee5eed0f037c0caee32363c8823d9714a74ae59ced56d25767e62e80444bac23

SHA512
6659a3700e8830a19a32d1f449ad39a9eca33e4958da1e8d7879ef06e67d3814709db0de851b7d17223f07dc1b1deb74c26afe0f7509abb231d9649413b3edc1

Download Submit
C:\Users\Admin\AppData\Local\Temp\RavTmp\XMLS\RsSetup.xml

Filesize
1KB

MD5
7d9b09768e0fc532e486e00cddee2a22

SHA1
7f1b6d20ebc9eb433e3b026946d11e50c686342e

SHA256
6f7d1077b07daef2c30ea280f54e0f57db7ec7287cddfd42e599b840297c937c

SHA512
5f9763324d3d89b66aed6ac12edeefa4f01233f334db4a73af1a7c7405b7bff3392dd4bd667fc47d9a0939a21121727462aa32d911225bab85277d15774eac6e

Download Submit
C:\Users\Admin\AppData\Local\Temp\RavTmp\XMLS\RsSrv.xml

Filesize
2KB

MD5
d83bd99b3f6c38dfec9018062f034eb8

SHA1
55ec1a5fb32f9212329a3204fdb25a58758d945f

SHA256
27e31254a84f8e4764700d2ded4dd4470b72e78369c0c50974a8b1fc460a6002

SHA512
1a8591adbb997169331a09345b344ab8257b5741026a77ca4548405fdfa3ae2a34b1e153675524791c233997847263ce1d9cf7322d95a010f3044412cb01b3ba

Download Submit
C:\Users\Admin\AppData\Local\Temp\RavTmp\XMLS\RsTray.xml

Filesize
2KB

MD5
986538843338a0fb9e4822245d73cbc9

SHA1
735c033a33d81c018abb497f166b39766726d1cd

SHA256
c0e8e5330a7443d6d2347f4786263da738951c8efd221673e272277c4e72253f

SHA512
5d870aa8751da36b8442b4ea832021533026e39fe3dbb86259b78cb2442b652a37365f5e611d99c5ce4cd88fd43353e5406187e13b81b356a4212df348c5ed97

Download Submit
C:\Users\Admin\AppData\Local\Temp\RavTmp\XMLS\Settings.xml

Filesize
1KB

MD5
3b0c0cce2358c69010b5717c0e38e1a1

SHA1
3f9f65a31bc734f08d4a7af610035deae17dd358

SHA256
ea390884b537c09ec6633147a06cff4e2b986e3560545e62e356998f40a4ed6b

SHA512
e1449bffb49671f6d5470f2c01ead47850149dfaf201bb12b2a7a9b3bff1fd18377e0a68d39eb089aa316b1d2026c8916c73183508a1f6aa6461f507e6376aef

Download Submit
C:\Users\Admin\AppData\Local\Temp\RavTmp\XMLS\backrav.xml

Filesize
1KB

MD5
7dab963002facfa1898cf20741b92980

SHA1
1d9c1fdf35744c6a33d69b3649a1e203d374708e

SHA256
57657a7ee90a71313fb8622af1e64ae787adfa1fe8452984005a8be6ef593fc3

SHA512
6663480899e6e24a9dfdbbe3e5abb0f5bc73b3c9cec87fa55decda3e0e2c32dbda83a3984a049d7bc1e20d52604a6cd12bf163346e03c2add32647f690424bda

Download Submit
C:\Users\Admin\AppData\Local\Temp\RavTmp\XMLS\setup.xml

Filesize
8KB

MD5
e37f29f76e62a8c26ed62dceff69d719

SHA1
93c374edd0ded5007c32e7988652e8cd360affd6

SHA256
eff50bbd6017e6e8c87c65ac0fd804dc60d3f2bbeada74ebc50fca7d65e4c5e3

SHA512
44aba9ee56920d400bb06dd5425cd3d168e46d9b304f195824c904575e49db9bf1ce4ff909cae175b54c549c7339d401c8d9d655442925bc5e733f34bb9dcd57

Download Submit
\??\c:\users\admin\appdata\local\temp\ravtmp\backup.cfg

Filesize
33KB

MD5
efed845ab4eb4c2c67c5e2aa91c920fe

SHA1
df30c779722ab7aa2d4f6d5d557688cf12d54e59

SHA256
f02a7d608f72dcc68c43247b2198e7802c117a989e492f644cd5bf9932a297ac

SHA512
e08733c8a7b56158516555861e9a48ce88d32269a77a5116fcf7d54bd9db9bef2a92616baf479cb57a187db1c0d9e750879a170b02b7c5f0bba46b0a78780edf

Download Submit
\??\c:\users\admin\appdata\local\temp\ravtmp\recomp.cfg

Filesize
9KB

MD5
301b0153e6eb9e38be1a5878a39603ad

SHA1
1cef86c5f798b233aecc073822e3f134bc5dbf8a

SHA256
98b0631f87b049c3d397babe02aa3a7d9d7f77979a6b5dd007e953195b6b9395

SHA512
1a0e18d86a02ca4067510d178847f80b1d56be1872f6dc09d3c25ffb7de4c6c356a9cf9aebbedd4489455a50062531ace76033a363da430495c2191364d90343

Download Submit
\Users\Admin\AppData\Local\Temp\RavTmp\CfgDll.dll

Filesize
270KB

MD5
0c0a56d49fa8d9ee193f9eaa7b3125b1

SHA1
ab3d49b56247f81a46fc736cb68df478a32e768f

SHA256
3b886ade9e59080ce02bb7bda1ad00b3f9254f52cee3c5e8558abf8adf1a9300

SHA512
8daf373a325fc433196365918f5c85581bf29974f694a367224d1067e15c9fa8faaa747618e1a3e356f7b6b7428be7e80870b00684351547821c8f838b14a0c2

Download Submit
\Users\Admin\AppData\Local\Temp\RavTmp\CfgDll.dll

Filesize
270KB

MD5
0c0a56d49fa8d9ee193f9eaa7b3125b1

SHA1
ab3d49b56247f81a46fc736cb68df478a32e768f

SHA256
3b886ade9e59080ce02bb7bda1ad00b3f9254f52cee3c5e8558abf8adf1a9300

SHA512
8daf373a325fc433196365918f5c85581bf29974f694a367224d1067e15c9fa8faaa747618e1a3e356f7b6b7428be7e80870b00684351547821c8f838b14a0c2

Download Submit
\Users\Admin\AppData\Local\Temp\RavTmp\ProcComm.dll

Filesize
98KB

MD5
ae4a3a533f165b055ec088a692fc4e9a

SHA1
7feea8ec8cb330c6ad6b5c20c40e398204e56ea6

SHA256
ac6d3f656c6e83734d4d034cbff7f82a2b99f5f1a30308fdde4235cd711f225f

SHA512
9d71d57d43a16259b381eb457919faca17d6830df2bce6387c09cb1816f0cf79bc803174819f39f3201f18f1fc3e148da9c39aa1e24c91fd139b9317023abf60

Download Submit
\Users\Admin\AppData\Local\Temp\RavTmp\RsAppMgr.dll

Filesize
62KB

MD5
9993cae186bc04c4103c9c4663dd620e

SHA1
8e3ab301d985df13fc0e7ff7ee2351282f5a34ac

SHA256
851d78ba13d51d4f2e849186268176ef57e815005922f0967ef86a58ecf6a60f

SHA512
2913b6f78d2c67b5102aae1e7995aaf542f8e64184bc829483a48961da0145b530cf91cd187c319686e22311cdaf3f2e80fd0f60d6a914e0de3a3810d55ce343

Download Submit
\Users\Admin\AppData\Local\Temp\RavTmp\RsAppMgr.dll

Filesize
62KB

MD5
9993cae186bc04c4103c9c4663dd620e

SHA1
8e3ab301d985df13fc0e7ff7ee2351282f5a34ac

SHA256
851d78ba13d51d4f2e849186268176ef57e815005922f0967ef86a58ecf6a60f

SHA512
2913b6f78d2c67b5102aae1e7995aaf542f8e64184bc829483a48961da0145b530cf91cd187c319686e22311cdaf3f2e80fd0f60d6a914e0de3a3810d55ce343

Download Submit
\Users\Admin\AppData\Local\Temp\RavTmp\Setup.dll

Filesize
154KB

MD5
934bb5b8dd88ab51395717f82c4c9d92

SHA1
b78df9cf454f0c547cf3a785b1e473633d25368d

SHA256
887dbe5d43f4d3563374b5d5771efba0115d8165ff896cd5ce863de52a183323

SHA512
8637715850f56d2044b390096ea199ce8614f68bd49f466afbbb295b280c1c934b19b1dbfbba54003921fe60dc3715223d316b823254d8485b98b34cc266426c

Download Submit
\Users\Admin\AppData\Local\Temp\RavTmp\Setup.exe

Filesize
746KB

MD5
bfc80e3df6d05a4eac52113913db0f9d

SHA1
8cdf618144364f4efdfe628dc5de4242f0de83cb

SHA256
69f8da776418b1ce99e0331d45c6975fd956f9482ea4f99bd76392465ea65aff

SHA512
1e2e870d83339e85cfeeee85ea921b8fe92bab968b7a4d15f9c7b16556e23559eb08c7da14a8be8d5dc5bab3150dc0fb11778380fdc1aa9b3df8111f0fb897fe

Download Submit
\Users\Admin\AppData\Local\Temp\RavTmp\rslang.dll

Filesize
134KB

MD5
697393919436836ac17dace077e2e14d

SHA1
1198f2a673c9c3f54d7675f052ec4a038334bf5c

SHA256
51ee6848be6cd159a678454cdb92fb78655283fe199387d65edf83a9ef44e4ae

SHA512
8f5dc796bc86789536d4a9ffdd4bd65e82f9c3841f41e8e43d6ca81f77bbc476bdc74381698c46e19cf103b40e5c36b771a52564c41cc5f8c6a0799afb7bfa16

Download Submit
memory/1500-64-0x0000000000270000-0x00000000002B4000-memory.dmp

Filesize
272KB

Download
memory/1500-57-0x0000000074D61000-0x0000000074D63000-memory.dmp

Filesize
8KB

Download
memory/1500-126-0x00000000023B0000-0x00000000023F4000-memory.dmp

Filesize
272KB

Download
memory/1500-135-0x0000000002360000-0x00000000023A4000-memory.dmp

Filesize
272KB

Download
memory/1908-130-0x0000000000250000-0x0000000000282000-memory.dmp

Filesize
200KB

Download